Re: MAJOR SECURITY FLAW IN WINDOWS XP - RESET ADMIN PASSWORD

From: Roger Abell [MVP] (mvpNOSPAM@asu.edu)
Date: 07/13/02


From: "Roger Abell [MVP]" <mvpNOSPAM@asu.edu>
Date: Sat, 13 Jul 2002 05:00:43 -0700


This is why it is always said that Physical Security
is the prerequisite to having any security. This will
allow one to log in with a known admin password,
provided it allows the machine to boot - which is
by no means guaranteed after a complete swapout
of the registry. It is better to use regular backup
and then when needed use the repair disk method,
which will automate the registry replacement you
have done.

--
Roger Abell
MS MVP (Windows Platform), MCSE, MCDBA
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone

"Paul Brown" <small_brown@yahoo.co.uk> wrote in message
news:1965c01c22a4f$758cf430$35ef2ecf@TKMSFTNGXA11...
> I have found a security loophole with Windows XP that
> allows you to set the administrator password to anything
> you want!
>
> I was browsing the knowledge base and found an article on
> how to reset a corrupted registry. By backing up the
> files SAM, SECURITY, SOFTWARE, DEFAULT & SYSTEM from
> the 'windows\system32\config\' directory and replacing
> them with the same files from 'windows\repair' (a backup
> of the registry from the original Windows load). On my
> machine I had since changed the administrator password
> and upon resetting these files, namely the SAM file, my
> password went back to its original setting. I then tested
> this further by changing the administrator password
> to "password", copying the files to CD and replacing the
> registry files on my laptop. This worked and I logged in
> as administrator. The machine was terribly slow, probably
> due to the registry being changed to that from a
> different machine, but I had managed to log in as
> administrator within minutes. Please give some feedback
> on these findings.

